
What makes the internet
The Internet is a global system of interconnected computer networks.
It has Servers & Clients.
Clients request a service/content from the Servers.
Servers are special computers powerful enough to serve the Clients.

Protocols
Servers & Clients need some rules to control how they deal with each other: a “Protocol”.
A protocol, in general, is a set of rules governing communications between two parties.
HTTP (Hyper-Text Transfer Protocol) is the most widely used protocol over the internet between Servers & Clients.

HTTP Header
HTTP headers also carry sufficient information about you & your browser, so that the Server can do its job.
Here lies the problem: this information about you is sent as plain text.
If anyone can sniff this information, he can deceive the Server and make it think that “he” is “you”!!

Sniffing
If you are using unsecured Wi-Fi, all the data sent between your PC & router is available for anyone to read!!
So if an attacker can sniff this data, he’ll be able to read the HTTP requests & responses.
Thus, he can deceive the Server into identifying “him” as “you”.

Sniffing
So if the attacker can read the ID that is uniquely given to each Client,
he can fake an HTTP request, manually insert your ID & request pages from the Server.
The Server will identify “him” as “you” without the need to sign in again, because the requests carry your unique ID.

Firesheep
Firesheep is a Mozilla Firefox add-on.
It enables anyone to sniff HTTP headers on unsecured Wi-Fi & access websites using others’ identities.
It was downloaded more than 400,000 times in 5 days.
Google got 1 million searches about it in 10 days.

How to defend oneself
Once the add-on was released by Eric Butler, many wrote that the solution is avoiding unsecured Wi-Fi.
But Eric responded by making clear his reason for releasing the add-on,
which is ringing the bell about that issue with HTTP, and letting users know that the websites are NOT protecting them enough.

"Websites have a responsibility to protect the people who depend on their services.
They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.
My hope is that Firesheep will help the users win!" Eric Butler

The Real Solution!
The core problem is that HTTP exchanges requests & responses in plain text.
So, the solution is to encrypt these requests & responses, as simple as that!
This is done by using HTTPS, a much more secure version of the famous protocol.
Now all exchanged data will be secured from eavesdropping & sniffers.
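
A way for a site owner to check whether the unique ID described above is still readable on the wire, as an added example that is not part of the original slides. The sample responses and the cookie name session_id are constructed; the Secure cookie attribute and the Strict-Transport-Security header are standard mechanisms that the slides do not mention.

```python
# Constructed sample responses (not captured from any real site).
HTTP_LOGIN = ("HTTP/1.1 200 OK\r\n"
              "Set-Cookie: session_id=3f9a1c; Path=/; HttpOnly\r\n\r\n")
HTTPS_WEAK = ("HTTP/1.1 200 OK\r\n"
              "Set-Cookie: session_id=3f9a1c; Path=/; HttpOnly\r\n"
              "Set-Cookie: theme=dark; Path=/; Secure\r\n\r\n")
HTTPS_HARDENED = ("HTTP/1.1 200 OK\r\n"
                  "Strict-Transport-Security: max-age=31536000\r\n"
                  "Set-Cookie: session_id=3f9a1c; Path=/; Secure; HttpOnly\r\n\r\n")

def parse_headers(raw):
    """Return (name, value) pairs from the header block, skipping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(scheme, raw):
    """List the ways this response leaves a cookie readable by a sniffer."""
    headers = parse_headers(raw)
    findings = []
    if scheme == "http":
        findings.append("response sent in plain text")
    elif not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS: browser may still make plain HTTP requests")
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        # Without Secure, the browser attaches the cookie to plain HTTP requests too.
        if scheme == "http" or "secure" not in attrs:
            findings.append(f"cookie '{cookie}' can travel over plain HTTP")
    return findings

if __name__ == "__main__":
    for label, scheme, raw in [("http login", "http", HTTP_LOGIN),
                               ("https, weak", "https", HTTPS_WEAK),
                               ("https, hardened", "https", HTTPS_HARDENED)]:
        print(label, "->", audit(scheme, raw) or "ok")
```

The middle case is the one to watch for: the page itself is served over HTTPS, yet the ID cookie lacks Secure, so any later plain HTTP request to the same site sends it unencrypted.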

What’s stopping HTTPS
The question in your head now is: why haven’t the websites protected their users by utilizing HTTPS & making it the default?
2 main problems:
Encryption adds an intermediate step, which adds time & requires more processing power.
To use HTTPS, website owners must purchase certificates to be marked globally as secure.

What’s stopping HTTPS
These all add costs to services that are provided for free to users.
So it is more of a trade-off between security & cost.
It is worth mentioning that Google started using HTTPS with many of its products, especially Gmail.